Impostor Email Threat Detection

We're re-publishing this important vendor communication.

Dear partner,

I wanted to reach out to share some best practices, data, and updates from the Proofpoint team around a critical attack vector. There have been many well publicized incidents recently of "business email compromise", highly targeted campaigns going after HR or finance departments, all of which rely on attackers convincing users that they are someone else. For example, a vendor needing payment, or an executive requesting a wire transfer or needing specific information like employee W2 data during tax season. That underlying approach is what we call "impostor email threats." Proofpoint researchers described these threats in a recent blog post, pointing out that they are natural extensions of the evolving phishing schemes we have seen for over the past decade.

In light of the recent uptick in attacks and the significant risk they pose, we recommend the following immediate actions:
Strongly consider enabling the “impostor email detection setting” in Proofpoint Essentials to best defend your users from these threats. We’ve documented the best practices for configuring these rules in this Knowledge Base article.
Make your Customer’s HR, Finance, and other teams aware of the types of emails they may receive. Recently, Proofpoint blocked emails with subject lines ranging from personal and familiar ("FYI, James" or "Hello Matt”) to specific and urgent ("WIRE REQUEST!!!", "Request for March 04,2016", and "Request For All Employees' W2s, Friday 4th March, 2016).
Connect with your Proofpoint team for further information regarding the new impostor email detection we’ve added to Proofpoint Essentials.

Contact us to discover how we can help grow your business.

If you’re an IT vendor looking to for value added channel management, or if you’re a reseller who wants superior technical and admin support, and access to leading IT solutions, contact Cleartext Systems today on: +44 (0)1494-453945